<?php
    try {
        $db = new PDO("mysql:host=localhost; dbname=db2;", 'root', 'root');
        $db -> setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE,PDO::FETCH_ASSOC);
        session_start();
        $hasRight = $_SESSION['user']['xh'] === $_GET['xh'] || $_SESSION['user']['isAdmin'];//判断用户是否有相关的权限
        if ($r = $_POST){
            if ($r['pwd'] !== $r['pwd2']) throw new Exception('两次输入的密码不一致，请重新输入');
            if ($r['xh'] === '') throw new Exception('注册用户必须填入学号');
            if ($r['pwd']){//输入有密码，要判断是否满足口令的规则要求
                if (preg_match('!^(?=.*?\d)(?=.*?[a-z])(?=.*?[^0-9a-z]).{3,20}$!i',$r['pwd']) !== 1){
                    throw new Exception('密码需要3-20个字符，须同时包含字母、数字及其他字符');
                }
            }elseif($_GET['xh']){//要修改用户信息但未输入密码，表示用户原来的密码不用修改
                $r['pwd'] = $_SESSION['user']['pwd'];
            }else{//注册新用户时未提供密码，这是一种错误
                throw new Exception('注册用户必须输入密码');
            }
            //echo '<pre>',print_r($_POST,true),print_r($_GET,true),'</pre>';
            if ($_GET['xh']){//修改已经存在的纪录
                if ($hasRight){//有权限执行修改
                    $r['isAdmin'] = $_SESSION['user']['isAdmin'];
                    unset($r['pwd2']);
                    $ps = $db -> prepare('update students set xh=?,name=?,tel=?,pwd=? where xh=?');
                    $ps -> execute([$r['xh'],$r['name'],$r['tel'],$r['pwd'],$_GET['xh']]);
                    if ($_SESSION['user']['xh'] === $_GET['xh']) $_SESSION['user'] = $r;//登录用户的信息被修改，这里也需要进行修改
                }else{//没有权限修改记录
                    throw new Exception('Sorry,你没有修改的权限。');
                }
            }else{//注册新用户
                $ps = $db -> prepare('insert into students (xh,name,tel,pwd) values (?,?,?,?)');
                $ps -> execute([$r['xh'],$r['name'],$r['tel'],$r['pwd']]);

            }
            header('Location: index.php');
            return;
        }elseif ($_GET['xh']){//修改用户信息
            $ps = $db -> prepare('select * from students where xh = ?');
            $ps -> execute(array($_GET['xh']));
            $r = $ps -> fetch();
            if ($r === false) throw new Exception('找不到要修改的纪录');
            //echo '<pre>',print_r($r,true),'</pre>';
            if (!$hasRight) throw new Exception('Sorry,你没有修改的权限。');
        }else{//注册新用户
            $hasRight = true;
        }
    }catch (Throwable $e){
        $msg = $e -> getMessage();
    }
?>
<!doctype html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <title><?=$_GET['xh']===null?'注册':'修改'?>新用户</title>
    <style>
        h1{
            color:red;
        }
        input{
            padding: 10px;
            margin:6px;
            border-radius: 6px;
        }
        .msg{
            color:red;
            margin: 20px 0;
        }
    </style>
</head>
<body>
<h1><?=$_GET['xh']===null?'注册':'修改'?>新用户</h1>
<form method="post">
    学号  ：<input type="text" name="xh" value="<?=$r['xh']?>" <?=$hasRight?'':'disabled'?>><br>
    姓名  ：<input type="text" name="name" value="<?=$r['name']?>" <?=$hasRight?'':'disabled'?>><br>
    电话  ：<input type="text" name="tel" value="<?=$r['tel']?>" <?=$hasRight?'':'disabled'?>><br>
    密码  ：<input type="password" name="pwd" <?=$hasRight?'':'disabled'?>><b>
        <?=isset($_GET['xh']) && !$msg?'留空将不会修改原来的密码':'3-20个字符，须同时包含字母、数字及其他字符'?>
    </b><br>
    重复密码：<input type="password" name="pwd2" <?=$hasRight?'':'disabled'?>><br>
    <div class="msg"><?=$msg?></div>
    <input type="submit" value="提交数据" <?=$hasRight?'':'disabled'?>>
</form>
</body>
</html>